From: Matt Caswell <matt@openssl.org>
Date: Tue, 28 May 2019 10:25:08 +0000 (+0100)
Subject: Make basic AES ciphers available from within the FIPS providers
X-Git-Tag: openssl-3.0.0-alpha1~2002
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=66ad63e80198800ad94e4e4168a6b9b6a7c0fcd4;p=thirdparty%2Fopenssl.git

Make basic AES ciphers available from within the FIPS providers

These ciphers were already provider aware, and were available from the
default provider. We move them into the FIPS provider too.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9038)
---

diff --git a/crypto/aes/build.info b/crypto/aes/build.info
index 1aa7a18dfb2..d0801de94c8 100644
--- a/crypto/aes/build.info
+++ b/crypto/aes/build.info
@@ -3,6 +3,10 @@ SOURCE[../../libcrypto]=\
         aes_misc.c aes_ecb.c aes_cfb.c aes_ofb.c \
         aes_ige.c aes_wrap.c {- $target{aes_asm_src} -}
 
+SOURCE[../../providers/fips]=\
+        aes_misc.c aes_ecb.c \
+        {- $target{aes_asm_src} -}
+
 GENERATE[aes-ia64.s]=asm/aes-ia64.S
 
 GENERATE[aes-586.s]=asm/aes-586.pl \
diff --git a/crypto/modes/build.info b/crypto/modes/build.info
index f015a4c3028..d0a8e6935c3 100644
--- a/crypto/modes/build.info
+++ b/crypto/modes/build.info
@@ -4,6 +4,10 @@ SOURCE[../../libcrypto]=\
         ccm128.c xts128.c wrap128.c ocb128.c siv128.c \
         {- $target{modes_asm_src} -}
 
+SOURCE[../../providers/fips]=\
+        cbc128.c ctr128.c cfb128.c ofb128.c \
+        {- $target{modes_asm_src} -}
+
 INCLUDE[gcm128.o]=..
 
 GENERATE[ghash-ia64.s]=asm/ghash-ia64.pl $(LIB_CFLAGS) $(LIB_CPPFLAGS)
diff --git a/providers/common/ciphers/build.info b/providers/common/ciphers/build.info
index f4ff2ce8756..b8c31720320 100644
--- a/providers/common/ciphers/build.info
+++ b/providers/common/ciphers/build.info
@@ -2,3 +2,6 @@ LIBS=../../../libcrypto
 SOURCE[../../../libcrypto]=\
         block.c aes.c aes_basic.c
 INCLUDE[../../../libcrypto]=. ../../../crypto
+
+SOURCE[../../fips]=\
+        block.c aes.c aes_basic.c
diff --git a/providers/fips/fipsprov.c b/providers/fips/fipsprov.c
index 7842f90f760..37d7c5b3ed5 100644
--- a/providers/fips/fipsprov.c
+++ b/providers/fips/fipsprov.c
@@ -20,6 +20,7 @@
 #include "internal/cryptlib.h"
 #include "internal/property.h"
 #include "internal/evp_int.h"
+#include "internal/provider_algs.h"
 
 /* Functions provided by the core */
 static OSSL_core_get_param_types_fn *c_get_param_types = NULL;
@@ -92,13 +93,24 @@ static int fips_get_params(const OSSL_PROVIDER *prov,
     return 1;
 }
 
-extern const OSSL_DISPATCH sha256_functions[];
-
 static const OSSL_ALGORITHM fips_digests[] = {
     { "SHA256", "fips=yes", sha256_functions },
     { NULL, NULL, NULL }
 };
 
+static const OSSL_ALGORITHM fips_ciphers[] = {
+    { "AES-256-ECB", "fips=yes", aes256ecb_functions },
+    { "AES-192-ECB", "fips=yes", aes192ecb_functions },
+    { "AES-128-ECB", "fips=yes", aes128ecb_functions },
+    { "AES-256-CBC", "fips=yes", aes256cbc_functions },
+    { "AES-192-CBC", "fips=yes", aes192cbc_functions },
+    { "AES-128-CBC", "fips=yes", aes128cbc_functions },
+    { "AES-256-CTR", "fips=yes", aes256ctr_functions },
+    { "AES-192-CTR", "fips=yes", aes192ctr_functions },
+    { "AES-128-CTR", "fips=yes", aes128ctr_functions },
+    { NULL, NULL, NULL }
+};
+
 static const OSSL_ALGORITHM *fips_query(OSSL_PROVIDER *prov,
                                          int operation_id,
                                          int *no_cache)
@@ -107,6 +119,8 @@ static const OSSL_ALGORITHM *fips_query(OSSL_PROVIDER *prov,
     switch (operation_id) {
     case OSSL_OP_DIGEST:
         return fips_digests;
+    case OSSL_OP_CIPHER:
+        return fips_ciphers;
     }
     return NULL;
 }